CVE-2016-4379

Name of the Vulnerable Software and Affected Versions HPE Integrated Lights-Out 3 (iLO3) versions prior to 1.88

Description The issue is related to the TLS implementation, which does not properly use a MAC protection mechanism in conjunction with CBC padding. This allows remote attackers to obtain sensitive information via a padding-oracle attack, also known as a Vaudenay attack. The vulnerability could be remotely exploited using TLS CBC Padding and MAC Errors, resulting in disclosure of information.

Recommendations For HPE Integrated Lights-Out 3 (iLO3) versions prior to 1.88, update the firmware to version 1.88 or later to resolve the issue.